Over 540 Million Facebook User Records Leaks on Amazon cloud servers

Once again UpGuard, a security risk team have found a couple of leaky Amazon Cloud server which were containing two datasets with more than 540 million Facebook user record.

In these two dataset, one was came from a Mexican-based media company called Cultura Colectiva and contained 146 GB records of user activity, such as comments, reactions, likes, friends list, interests, groups, check-ins, events, music, movies, photos, and more, as well as account names and Facebook IDs.

And the second dataset came from a third-party, Facebook integrated app called “At the Pool,” which contained the same user activity as above and user passwords. Although the password was from the app 'At the Pool', the researcher said users have used the same password on both their Facebook accounts and the third-party “At the Pool” app.

On the blog post, UpGuard said that all the data have been removed by Facebook Team after they made aware of this huge leak. All the dataset was found in an Amazon S3 bucket which not protected with the password allowing anyone to download all the Facebook passwords of 22,000 users.

So we highly recommend to all Facebook users to immediately change their password.

Once again UpGuard, a security risk team have found a couple of leaky Amazon Cloud server which were containing two datasets with more than 540 million Facebook user record.

In these two dataset, one was came from a Mexican-based media company called Cultura Colectiva and contained 146 GB records of user activity, such as comments, reactions, likes, friends list, interests, groups, check-ins, events, music, movies, photos, and more, as well as account names and Facebook IDs.

And the second dataset came from a third-party, Facebook integrated app called “At the Pool,” which contained the same user activity as above and user passwords. Although the password was from the app 'At the Pool', the researcher said users have used the same password on both their Facebook accounts and the third-party “At the Pool” app.

On the blog post, UpGuard said that all the data have been removed by Facebook Team after they made aware of this huge leak. All the dataset was found in an Amazon S3 bucket which not protected with the password allowing anyone to download all the Facebook passwords of 22,000 users.

So we highly recommend to all Facebook users to immediately change their password.